Building and deploying custom TAs for OP-TEE into LS1012A FRWY

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Building and deploying custom TAs for OP-TEE into LS1012A FRWY

2,455 Views
gabriele_coppol
Contributor II

Hi all,

I'm having some issues into building and deploying Trusted Applications (TAs) with flex-builder for my LS1012AFRWY. I'm trying to deploy the hello-world example download from the reference examples.

Could you please detail all the steps required?

I tried to include them into packages/apps/optee_os , packages/apps/optee_client and packages/apps/optee_test , including them into Makefiles, but I'm not able to see the UUID into the deployed rootfs under /lib/optee_armtz.

I already built everything with CONFIG_BUILD_OPTEE=y.

In addition, is there a way to have a console in the Secure (non-rich) OS ?

Thanks in advance.

0 Kudos
Reply
6 Replies

2,176 Views
yipingwang
NXP TechSupport
NXP TechSupport

Hello Gabriele Coppolino,

Please refer to the section "4. Develop OP-TEE Trusted Application" and optee_storage sample code in OP-TEE Trusted Application on QorIQ ARM Based Processors .

Please refer to the following section about how to build OP-TEE trusted application into LSDK rootfs filesystem.
Please build optee_os and optee_client with flex-builder in LSDK.
$ flex-builder -c optee_os -a arm64
$ flex-builder -c optee_client -a arm64


After set up Toolchain environment for ARM64.
$ make TA_DEV_KIT_DIR=~/flexbuild_lsdk1903/packages/apps/optee_os/out/arm-plat-ls/export-ta_arm64  TEEC_EXPORT=~/flexbuild_lsdk1903/build/apps/components_LS_arm64


Final CA image and TA image,
CA: host/storage-test
TA: ta/59e4d3d3-0199-4f74-b94d-53d3daa57d73.ta
Copy TA image to build/apps/components_LS_arm64/lib/optee_armtz/ and CA to root file system.
$ tee-supplicant /dev/teepriv0 &
$ ./storage-test > log

Thanks,

Yiping

0 Kudos
Reply

2,176 Views
gabriele_coppol
Contributor II
Hello Yiping Wang,
I'm now able to create both host and ta outputs, then I upload the two files into my board (with already tee on-board) but executing the storage test app, I get the TEEC_ERROR_ACCESS_DENIED error, then a dump of the memory is shown. How can I fix this?
Thank you in advance,
Gabriele Coppolino
0 Kudos
Reply

2,176 Views
yipingwang
NXP TechSupport
NXP TechSupport

Please Copy TA image to build/apps/components_LS_arm64/lib/optee_armtz/ and CA to root file system.

0 Kudos
Reply

2,176 Views
gabriele_coppol
Contributor II

Hello Yiping Wang,

I did it. I also tried to add my code into xtest source files (both host and ta) and the result is always the same.

Please see the attached log. There are some extra prints and rights tests at the beginning.

In packages/apps/optee_os/core/arch/arm/plat-ls/conf.mk I also added the following lines:

$(call force,CFG_CACHE_API,n)
$(call force,CFG_CORE_RESERVED_SHM,y)

I'm using LS1012AFRWY-RevB (512MB DDR) and the error is present in different boards.

0 Kudos
Reply

2,176 Views
yipingwang
NXP TechSupport
NXP TechSupport

CA source code is in optee_storage/host folder, teec_uuid is defined as the following in
storage_helpers.c, this value is used to open the specific TEEC session.
TEEC_UUID teec_uuid = {
0x59e4d3d3, 0x0199, 0x4f74,
{ 0xb9, 0x4d, 0x53, 0xd3, 0xda, 0xa5, 0x7d, 0x73 }
};
TA source code is located in optee_storage/ta, please refer to the following TEE_UUID definition
in storage_ta_helper.h.
#define TEE_UUID { 0x59e4d3d3, 0x0199, 0x4f74, \
{ 0xb9, 0x4d, 0x53, 0xd3, 0xda, 0xa5, 0x7d, 0x73 } }


Please refer to the following definition in TA Makefile.
BINARY = 59e4d3d3-0199-4f74-b94d-53d3daa57d73

0 Kudos
Reply

2,176 Views
gabriele_coppol
Contributor II

I've already have these informations from https://community.nxp.com/docs/DOC-340919 but this is not helping me for solving this issue

0 Kudos
Reply